name: Build Bootstrap Bundle

on:
  push:
    branches: [main]
    paths:
      - 'bootstrap.yml'
      - 'roles/**'
  workflow_dispatch:

env:
  ANSIBLE_BUNDLER_VERSION: "1.10.2"

jobs:
  build:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install ansible-bundler
        run: |
          curl -fsSL "https://github.com/kriansa/ansible-bundler/releases/download/v${ANSIBLE_BUNDLER_VERSION}/ansible-bundler_${ANSIBLE_BUNDLER_VERSION}_amd64.deb" -o /tmp/ansible-bundler.deb
          sudo dpkg -i /tmp/ansible-bundler.deb

      - name: Install Python dependencies
        run: |
          python3 -m venv .venv
          .venv/bin/pip install ansible
          echo "$PWD/.venv/bin" >> $GITHUB_PATH
      - name: install Ansible dependencies
        run: |
          ansible-galaxy role install -r requirements.yml --roles-path roles

      - name: Verify playbook syntax
        run: |
          ansible-playbook --syntax-check bootstrap.yml -e 'user_pubkey="test"'

      - name: Build bundle
        run: |
          bundle-playbook -f bootstrap.yml -o bootstrap.run

      - name: Generate checksums
        run: |
          sha256sum bootstrap.run > bootstrap.run.sha256
          md5sum bootstrap.run > bootstrap.run.md5

      - name: Upload to release storage
        run: |
          echo "Uploading bootstrap.run and checksums to release storage {{ github.server_url }}/api/packages/${{ github.repository_owner }}/generic/bootstrap/latest/" &&
          curl -fsS -X PUT \
            -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \
            -T bootstrap.run \
            "${{ github.server_url }}/api/packages/${{ github.repository_owner }}/generic/bootstrap/latest/bootstrap.run"

          curl -fsS -X PUT \
            -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \
            -T bootstrap.run.sha256 \
            "${{ github.server_url }}/api/packages/${{ github.repository_owner }}/generic/bootstrap/latest/bootstrap.run.sha256"